| 1 |
Hi Ulrich, |
| 2 |
|
| 3 |
I'm happy with this "as is", but there may be a few improvements still. |
| 4 |
|
| 5 |
By the way: This improves the situation for mounted ro /boot by moving |
| 6 |
the check from preinst to pretend. |
| 7 |
|
| 8 |
For noauto /boot (I believe the default and recommended) this fixes things. |
| 9 |
|
| 10 |
This is the reason I decided to rather go with mounting /boot but as ro |
| 11 |
instead of not mounting at all. |
| 12 |
|
| 13 |
May I also suggest we start recommended read-only /boot instead of not |
| 14 |
mounted at all in order to avoid similar issues from recurring? |
| 15 |
|
| 16 |
Kind Regards, |
| 17 |
Jaco |
| 18 |
|
| 19 |
On 2019/12/07 11:10, Ulrich Müller wrote: |
| 20 |
|
| 21 |
> The eclass failed to remount a read-only mounted /boot, because package |
| 22 |
> collision sanity checks in recent Portage versions prevented it from |
| 23 |
> reaching pkg_preinst() at all. Furthermore, with the "mount-sandbox" |
| 24 |
> feature enabled, the mount won't be propagated past pkg_preinst() and |
| 25 |
> installed files would end up under the (shadowed) mount point. |
| 26 |
> |
| 27 |
> Therefore don't even attempt to mount /boot ourselves, but error out |
| 28 |
> if it isn't mounted read/write and ask the user to mount /boot. |
| 29 |
> |
| 30 |
> Also clean up and simplify. (For example, awk is a grown-up program |
| 31 |
> which doesn't need any help from egrep or sed. :-) |
| 32 |
> |
| 33 |
> Closes: https://bugs.gentoo.org/532264 |
| 34 |
> See-also: https://bugs.gentoo.org/274130#c5 |
| 35 |
> Signed-off-by: Ulrich Müller <ulm@g.o> |
| 36 |
Acked-by: Jaco Kroon <jaco@××××××.za> |
| 37 |
> |
| 38 |
> --- |
| 39 |
> v3: Exit awk commands on first match. |
| 40 |
> |
| 41 |
> v4: Added die statements after awk commands |
| 42 |
> Fixed typo in mount-boot_is_disabled function documentation |
| 43 |
> Reverted renaming of I_KNOW_WHAT_I_AM_DOING variable |
| 44 |
> |
| 45 |
> eclass/mount-boot.eclass | 144 +++++++++++++-------------------------- |
| 46 |
> 1 file changed, 48 insertions(+), 96 deletions(-) |
| 47 |
> |
| 48 |
> diff --git a/eclass/mount-boot.eclass b/eclass/mount-boot.eclass |
| 49 |
> index 938df6732f43..ca27aca7efbd 100644 |
| 50 |
> --- a/eclass/mount-boot.eclass |
| 51 |
> +++ b/eclass/mount-boot.eclass |
| 52 |
> @@ -1,156 +1,108 @@ |
| 53 |
> -# Copyright 1999-2015 Gentoo Foundation |
| 54 |
> +# Copyright 1999-2019 Gentoo Authors |
| 55 |
> # Distributed under the terms of the GNU General Public License v2 |
| 56 |
> |
| 57 |
> # @ECLASS: mount-boot.eclass |
| 58 |
> # @MAINTAINER: |
| 59 |
> # base-system@g.o |
| 60 |
> # @BLURB: functions for packages that install files into /boot |
| 61 |
> # @DESCRIPTION: |
| 62 |
> # This eclass is really only useful for bootloaders. |
| 63 |
> # |
| 64 |
> # If the live system has a separate /boot partition configured, then this |
| 65 |
> # function tries to ensure that it's mounted in rw mode, exiting with an |
| 66 |
> -# error if it can't. It does nothing if /boot isn't a separate partition. |
| 67 |
> +# error if it can't. It does nothing if /boot isn't a separate |
| 68 |
partition. |
| 69 |
> + |
| 70 |
> +case ${EAPI:-0} in |
| 71 |
> + 4|5|6|7) ;; |
| 72 |
> + *) die "${ECLASS}: EAPI ${EAPI:-0} not supported" ;; |
| 73 |
> +esac |
| 74 |
> |
| 75 |
> EXPORT_FUNCTIONS pkg_pretend pkg_preinst pkg_postinst pkg_prerm |
| 76 |
pkg_postrm |
| 77 |
> |
| 78 |
> -# @FUNCTION: mount-boot_disabled |
| 79 |
> +# @FUNCTION: mount-boot_is_disabled |
| 80 |
> # @INTERNAL |
| 81 |
> # @DESCRIPTION: |
| 82 |
> # Detect whether the current environment/build settings are such that |
| 83 |
we do not |
| 84 |
> # want to mess with any mounts. |
| 85 |
> mount-boot_is_disabled() { |
| 86 |
> - # Since this eclass only deals with /boot, skip things when ROOT |
| 87 |
is active. |
| 88 |
> - if [[ "${ROOT:-/}" != "/" ]] ; then |
| 89 |
> + # Since this eclass only deals with /boot, skip things when EROOT |
| 90 |
is active. |
| 91 |
> + if [[ ${EROOT:-/} != / ]] ; then |
| 92 |
> return 0 |
| 93 |
> fi |
| 94 |
|
| 95 |
I don't use spaces in path names ... but what happens here if ROOT or |
| 96 |
EPREFIX (and by implication EROOT) contains a space? |
| 97 |
|
| 98 |
What about just checking "${EROOT}/boot" instead? |
| 99 |
|
| 100 |
Would that even be possible ... ? |
| 101 |
|
| 102 |
> |
| 103 |
> |
| 104 |
> # If we're only building a package, then there's no need to check |
| 105 |
things. |
| 106 |
> - if [[ "${MERGE_TYPE}" == "buildonly" ]] ; then |
| 107 |
> + if [[ ${MERGE_TYPE} == buildonly ]] ; then |
| 108 |
> return 0 |
| 109 |
> fi |
| 110 |
> |
| 111 |
> # The user wants us to leave things be. |
| 112 |
> if [[ -n ${DONT_MOUNT_BOOT} ]] ; then |
| 113 |
> return 0 |
| 114 |
> fi |
| 115 |
> |
| 116 |
> # OK, we want to handle things ourselves. |
| 117 |
> return 1 |
| 118 |
> } |
| 119 |
> |
| 120 |
> # @FUNCTION: mount-boot_check_status |
| 121 |
> # @INTERNAL |
| 122 |
> # @DESCRIPTION: |
| 123 |
> -# Figure out what kind of work we need to do in order to have /boot |
| 124 |
be sane. |
| 125 |
> -# Return values are: |
| 126 |
> -# 0 - Do nothing at all! |
| 127 |
> -# 1 - It's mounted, but is currently ro, so need to remount rw. |
| 128 |
> -# 2 - It's not mounted, so need to mount it rw. |
| 129 |
> +# Check if /boot is sane, i.e., mounted read/write if on a separate |
| 130 |
> +# partition. Die if conditions are not fulfilled. |
| 131 |
> mount-boot_check_status() { |
| 132 |
> # Get out fast if possible. |
| 133 |
> - mount-boot_is_disabled && return 0 |
| 134 |
> + mount-boot_is_disabled && return |
| 135 |
> |
| 136 |
> # note that /dev/BOOT is in the Gentoo default /etc/fstab file |
| 137 |
> - local fstabstate=$(awk '!/^#|^[[:blank:]]+#|^\/dev\/BOOT/ {print |
| 138 |
$2}' /etc/fstab | egrep "^/boot$" ) |
| 139 |
> - local procstate=$(awk '$2 ~ /^\/boot$/ {print $2}' /proc/mounts) |
| 140 |
> - local proc_ro=$(awk '{ print $2 " ," $4 "," }' /proc/mounts | sed |
| 141 |
-n '/^\/boot .*,ro,/p') |
| 142 |
> - |
| 143 |
> - if [ -n "${fstabstate}" ] && [ -n "${procstate}" ] ; then |
| 144 |
> - if [ -n "${proc_ro}" ] ; then |
| 145 |
> - echo |
| 146 |
> - einfo "Your boot partition, detected as being mounted at |
| 147 |
/boot, is read-only." |
| 148 |
> - einfo "It will be remounted in read-write mode temporarily." |
| 149 |
> - return 1 |
| 150 |
> - else |
| 151 |
> - echo |
| 152 |
> - einfo "Your boot partition was detected as being mounted |
| 153 |
at /boot." |
| 154 |
> - einfo "Files will be installed there for ${PN} to |
| 155 |
function correctly." |
| 156 |
> - return 0 |
| 157 |
> - fi |
| 158 |
> - elif [ -n "${fstabstate}" ] && [ -z "${procstate}" ] ; then |
| 159 |
> - echo |
| 160 |
> - einfo "Your boot partition was not mounted at /boot, so it |
| 161 |
will be automounted for you." |
| 162 |
> - einfo "Files will be installed there for ${PN} to function |
| 163 |
correctly." |
| 164 |
> - return 2 |
| 165 |
> - else |
| 166 |
> - echo |
| 167 |
> + local fstabstate=$(awk '!/^[[:blank:]]*#|^\/dev\/BOOT/ && $2 == |
| 168 |
"/boot" \ |
| 169 |
> + { print 1; exit }' /etc/fstab || die "awk failed") |
| 170 |
> + |
| 171 |
> + if [[ -z ${fstabstate} ]] ; then |
| 172 |
> einfo "Assuming you do not have a separate /boot partition." |
| 173 |
> - return 0 |
| 174 |
> + return |
| 175 |
> fi |
| 176 |
> -} |
| 177 |
> |
| 178 |
> -mount-boot_pkg_pretend() { |
| 179 |
> - # Get out fast if possible. |
| 180 |
> - mount-boot_is_disabled && return 0 |
| 181 |
> + local procstate=$(awk '$2 == "/boot" \ |
| 182 |
> + { print gensub(/^(.*,)?(ro|rw)(,.*)?$/, "\\2", 1, $4); exit }' \ |
| 183 |
> + /proc/mounts || die "awk failed") |
| 184 |
> |
| 185 |
> - elog "To avoid automounting and auto(un)installing with /boot," |
| 186 |
> - elog "just export the DONT_MOUNT_BOOT variable." |
| 187 |
> - mount-boot_check_status |
| 188 |
> + if [[ -z ${procstate} ]] ; then |
| 189 |
> + eerror "Your boot partition is not mounted at /boot." |
| 190 |
> + eerror "Please mount it and retry." |
| 191 |
> + die "/boot not mounted" |
| 192 |
> + fi |
| 193 |
> + |
| 194 |
> + if [[ ${procstate} == ro ]] ; then |
| 195 |
> + eerror "Your boot partition, detected as being mounted at |
| 196 |
/boot," \ |
| 197 |
> + "is read-only." |
| 198 |
> + eerror "Please remount it read/write and retry." |
| 199 |
> + die "/boot mounted read-only" |
| 200 |
> + fi |
| 201 |
> + |
| 202 |
> + einfo "Your boot partition was detected as being mounted at /boot." |
| 203 |
> + einfo "Files will be installed there for ${PN} to function |
| 204 |
correctly." |
| 205 |
> } |
| 206 |
> |
| 207 |
> -mount-boot_mount_boot_partition() { |
| 208 |
> +mount-boot_pkg_pretend() { |
| 209 |
> mount-boot_check_status |
| 210 |
> - case $? in |
| 211 |
> - 0) # Nothing to do. |
| 212 |
> - ;; |
| 213 |
> - 1) # Remount it rw. |
| 214 |
> - mount -o remount,rw /boot |
| 215 |
> - if [ $? -ne 0 ] ; then |
| 216 |
> - echo |
| 217 |
> - eerror "Unable to remount in rw mode. Please do it manually!" |
| 218 |
> - die "Can't remount in rw mode. Please do it manually!" |
| 219 |
> - fi |
| 220 |
> - touch /boot/.e.remount |
| 221 |
> - ;; |
| 222 |
> - 2) # Mount it rw. |
| 223 |
> - mount /boot -o rw |
| 224 |
> - if [ $? -ne 0 ] ; then |
| 225 |
> - echo |
| 226 |
> - eerror "Cannot automatically mount your /boot partition." |
| 227 |
> - eerror "Your boot partition has to be mounted rw before |
| 228 |
the installation" |
| 229 |
> - eerror "can continue. ${PN} needs to install important |
| 230 |
files there." |
| 231 |
> - die "Please mount your /boot partition manually!" |
| 232 |
> - fi |
| 233 |
> - touch /boot/.e.mount |
| 234 |
> - ;; |
| 235 |
> - esac |
| 236 |
> } |
| 237 |
> |
| 238 |
> mount-boot_pkg_preinst() { |
| 239 |
> - # Handle older EAPIs. |
| 240 |
> - case ${EAPI:-0} in |
| 241 |
> - [0-3]) mount-boot_pkg_pretend ;; |
| 242 |
> - esac |
| 243 |
> - |
| 244 |
> - mount-boot_mount_boot_partition |
| 245 |
> + mount-boot_check_status |
| 246 |
> } |
| 247 |
> |
| 248 |
> mount-boot_pkg_prerm() { |
| 249 |
> - touch "${ROOT}"/boot/.keep 2>/dev/null |
| 250 |
> - mount-boot_mount_boot_partition |
| 251 |
> - touch "${ROOT}"/boot/.keep 2>/dev/null |
| 252 |
> -} |
| 253 |
> + mount-boot_check_status |
| 254 |
> |
| 255 |
> -mount-boot_umount_boot_partition() { |
| 256 |
> - # Get out fast if possible. |
| 257 |
> - mount-boot_is_disabled && return 0 |
| 258 |
> - |
| 259 |
> - if [ -e /boot/.e.remount ] ; then |
| 260 |
> - einfo "Automatically remounting /boot as ro as it was |
| 261 |
previously." |
| 262 |
> - rm -f /boot/.e.remount |
| 263 |
> - mount -o remount,ro /boot |
| 264 |
> - elif [ -e /boot/.e.mount ] ; then |
| 265 |
> - einfo "Automatically unmounting /boot as it was previously." |
| 266 |
> - rm -f /boot/.e.mount |
| 267 |
> - umount /boot |
| 268 |
> + if [[ -z ${EPREFIX} ]] \ |
| 269 |
> + && ! ( shopt -s failglob; : "${EROOT}"/boot/.keep* ) 2>/dev/null |
| 270 |
> + then |
| 271 |
> + # Create a .keep file, in case it is shadowed at the mount point |
| 272 |
> + touch "${EROOT}"/boot/.keep 2>/dev/null |
| 273 |
> fi |
| 274 |
> } |
| 275 |
> |
| 276 |
> -mount-boot_pkg_postinst() { |
| 277 |
> - mount-boot_umount_boot_partition |
| 278 |
> -} |
| 279 |
> +# No-op phases for backwards compatibility |
| 280 |
> +mount-boot_pkg_postinst() { :; } |
| 281 |
> |
| 282 |
> -mount-boot_pkg_postrm() { |
| 283 |
> - mount-boot_umount_boot_partition |
| 284 |
> -} |
| 285 |
> +mount-boot_pkg_postrm() { :; } |
Archives